Cloud Security Engineer

Riyadh, Saudi Arabia

Full time

Engineering

About the role

We are seeking a Cyber Security Engineer to join our security team and help protect our cloud infrastructure, applications, and data. This role is hands‑on and technical, with a strong focus on cloud security, SOC operations, vulnerability assessment, and penetration testing.

You will work closely with engineering, DevOps, and compliance teams to ensure security controls are effectively implemented and aligned with regulatory requirements.

The Moment

Lean has tripled in size over the past twelve months. We’re on track to triple again next year.

What started as the region’s pioneering Open Finance platform is now becoming something bigger: a multi‑product infrastructure company powering payments, data, and lending across MENA. We’re expanding into new markets, opening offices, acquiring businesses, and building capabilities that didn’t exist here before.

We’ve processed billions of dollars in transactions. We’re trusted by 300+ clients - from Binance and Careem to Etisalat - and backed by General Catalyst, Sequoia, and Shorooq. Our $67.5M Series B was just the beginning.

What you’ll Own

• Cloud Security

  • Secure cloud environments by implementing best practices for IAM, network security, logging, monitoring, and encryption.

  • Configure and manage cloud-native security services such as security groups, WAF, SIEM integrations, and key management solutions.

  • Conduct cloud security posture reviews in alignment with relevant regulatory requirements and cybersecurity frameworks, such as SAMA CSF, NCA ECC, and other applicable local and international standards.

  • Support secure architecture design and threat modeling for cloud‑based services.

• SOC Operations & Monitoring

  • Monitor and investigate security alerts from SIEM, EDR, and cloud security tools.

  • Perform triage, analysis, and escalation of security incidents in line with defined SLAs.

  • Participate in incident response activities, including containment, root cause analysis, and post‑incident reporting.

  • Maintain and improve detection rules, playbooks, and SOC procedures.

• Vulnerability Assessment & Penetration Testing

  • Conduct regular vulnerability scans on cloud infrastructure, applications, and networks.

  • Analyze findings, assess risk, and work with engineering teams on remediation.

  • Support internal and external penetration testing exercises and track remediation of findings.

  • Validate remediation actions and continuously improve vulnerability management processes.

• Identity, Access & Data Protection

  • Implement and manage IAM controls, least‑privilege access, and MFA across environments.

  • Support encryption, key management, and secure data handling in line with KSA PDPL requirements.

• Regulatory & Compliance Support

  • Support security controls and technical evidence required for SAMA CSF, NCA ECC, PDPL, and related KSA regulatory requirements.

  • Collaborate with compliance and audit teams during assessments, audits, and regulatory reviews.

  • Ensure technical security controls align with ISO 27001 and SOC 2 requirements.

• Continuous Improvement & Collaboration

  • Stay up to date on emerging threats, vulnerabilities, and cloud security trends.

  • Contribute to security documentation, runbooks, and technical standards.

  • Support security awareness initiatives and promote secure engineering practices.

What we’re looking for

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

• 5 years of hands‑on experience in cybersecurity, cloud security, SOC, or vulnerability management roles.

• Experience working with SIEM, EDR, vulnerability scanning, and security monitoring tools.

• Solid understanding of network security, cloud security, and incident response fundamentals.

Preferred Qualifications

• Experience in fintech, banking, or other highly regulated environments.

• Familiarity with SAMA Cybersecurity Framework, NCA ECC, and PDPL.

• Hands‑on experience with vulnerability scanning and penetration testing tools.

• Hands‑on experience with SIEM, EDR, IAM and PAM.

• Exposure to DevSecOps and CI/CD security practices.

• Security certifications such as Security+, CEH, CCSP or equivalent.

• Collaboration & Teamwork: Works effectively with cloud, DevOps, SOC, and compliance teams.

• Analytical Thinking: Strong ability to analyze alerts, vulnerabilities, and incidents.

• Communication: Able to clearly explain technical security issues and remediation steps.

• Ownership & Accountability: Takes responsibility for assigned security tasks and follows through.

• Attention to Detail: Ensures accuracy in monitoring, testing, and security configurations.

NB. While we think the above experience could be important, we’re keen to hear from people that believe they have valuable experience to bring to the role. If you identify with the team and mission, but not all of our requirements, then please still apply!!

We’re building the financial infrastructure for MENA. Not as a slogan, as a fact.

Since 2019, we’ve become the first regulated Open Banking and Open Finance company operating across the UAE and Saudi Arabia. We’ve processed billions of dollars. We connect millions of accounts. We enable companies like Binance, Careem, and Etisalat to build products that were previously impossible in this region.

Our recent $67.5M Series B from General Catalyst and Sequoia isn’t just validation: it’s fuel. We’re expanding into new markets, launching new products, and setting the pace for what financial innovation looks like in MENA.

We solve hard problems. We move fast. We hold ourselves to a high standard. And we’re looking for people who’ve done this before to help us do it right.

If you’re motivated by building something that lasts, not just something that scales, Lean is where you need to be.

Not only do we offer competitive salaries, private healthcare, and flexible office hours, but we also insist that every member of the team hold a meaningful equity stake in the business to ensure long‑term alignment. We'd love you to join us for this journey!

Lean is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

When applying for a job at Lean Technologies, we will need to collect, use and share Personal Data about you with different members of our team during the application process. This may mean transferring your data to members of the team in one of our office locations worldwide outside of the country you are in. Please refer to our Privacy Notice on our website for more information about how we may and store your Personal Data.